Are you prepared in the event of a HIPAA breach?

HIPAA is not a new issue for healthcare providers; however, the ever-changing threat landscape, along with the OCR’s renewed commitment to compliance and enforcement, reinforces the need for healthcare providers to prepare for the privacy or security issues that are occurring with increasing frequency.


FFIEC Issues Cyber-attack Extortion Alert

On Nov. 3, 2015, the Federal Financial Institutions Examination Council issued an alert calling on financial institutions to take specific risk mitigation steps due to an increase in the frequency and severity of cyber-attacks involving extortion.

The FFIEC statement was prompted by recent reports of distributed denial-of-service attacks tied to extortion, such as those by the group known as DD4BC. Ransomware attacks have also been on the rise. The FFIEC is urging banks to take specific steps to mitigate these risks.


Individuals Affected by Identity Theft in 2015 Continue to Multiply

As the healthcare industry continues to digitize patient records, that data is a growing target for cybercriminals intent on committing medical identity theft and fraud.

The number of individuals affected by medical identity theft in the U.S. increased 22 percent in 2014 compared to the previous year—an increase of nearly half a million victims.


FBI Renews Warning About Phishing Scams

The FBI has recently issued a renewed warning about what it calls the Business Email Compromise, a scam being used against companies that use wire transfers for payments.

Just like many breaches, this scam usually starts with socially engineered phishing.


Email schemes still a threat. Do you have phishing protection?

A $46.7 million business email compromise scheme that targeted Ubiquiti Networks, Inc. shows just how little cybercriminals have to do to fool employees into unknowingly committing wire fraud.

Ubiquiti, a wireless networking technology provider, announced that it had been targeted by an email impersonation scheme that convinced employees in its finance department to fraudulently schedule wire transfers to overseas accounts.


Boston Hospital Fined $218,000

St. Elizabeth’s Medical Center in Massachusetts has been hit with a $218,000 HIPAA penalty. This penalty is the result of an investigation stemming from two security incidents.

The first incident involved staff members using an Internet site to share documents containing patient data without first assessing risks. The second involved the theft of a worker’s personally owned unencrypted laptop and storage device.


FFIEC Guidelines Give More Details on Cybersecurity Initiatives

New business continuity guidelines from the Federal Financial Institutions Examination Council give more details on the cybersecurity initiatives banks and credit unions will be asked to address during upcoming examinations.

These new guidelines are likely the result of the FFIEC’s cybersecurity assessment program that was piloted at 500 community institutions last summer.


Business Associate Breaches: Are you secure?

Recent health data breaches once again have business associates (BAs) grabbing headlines, which reinforces the importance of scrutinizing third parties handling PHI.

Recently, North Shore-LIJ Health System reported that it did not learn about a breach at one of its BAs until eight months later. Shortly thereafter, Medical Informatics Engineering, which offers a Web-hosted electronic health record system as well as personal health records, disclosed that it was the target of a breach that affected its clients and their patients.


FFIEC Releases Cybersecurity Assessment Tool

On June 30, the Federal Financial Institutions Examination Council released its Cybersecurity Assessment Tool. The tool is designed to help banks of all sizes assess identity risks and weaknesses in their cybersecurity preparedness programs.
